Thank you very much.
Sent from Surface Pro From: Dave Thompson Sent: Tuesday, March 25, 2014 1:58 AM To: openssl-users@openssl.org I generated a cert for your privatekey using a fake CA I have for my testing (which I already set up in my systems). If you want to set up your own, it’s simple in principle, but there are quite a few options and details. At a minimum: - create a CA key and a selfsigned (root) cert for that key: openssl req –newkey rsa:2048 –x509 –days N –keyout cakey.pem –out cacert.pem # substitute other type and/or size/params of key if desired # specify –config file if not default # answer prompts for name (DN), or change config file, or use –subj # if desired set extensions in config file, or –extensions (section) on commandline - distribute cacert.pem and install where needed - if using ‘ca’ below, create empty index.txt file - both ways create serial file with reasonable value e.g. 01 For each desired EE key&cert, in this case your single one: - create a req (CSR) for that key, with suitable name (DN) openssl req –new –key foo.key –out foo.csr # specify –config if not default and DN as above # can put extensions in CSR but usually better in cert below and then issue a cert EITHER: openssl ca [-config xx] –in foo.csr –out foo.crt # -days in config file or commandline # extensions in config file or referenced by command line if desired OR: openssl x509 –req –days N –CA cacert.pem –CAkey cakey.pem –in foo.csr –out foo.crt # extensions referenced by commandline (only) Use foo.crt in good health. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrew Arnott Sent: Saturday, March 22, 2014 14:56 To: openssl-users@openssl.org Subject: *** Spam *** Re: When P is larger than Q Thanks Dave. Where do you get the cert file to use as input? <snip> From: Dave Thompson Sent: Friday, March 21, 2014 3:37 PM To: openssl-users@openssl.org <snip> I don’t think this violates any standard and it works fine on my Windows (which is 7). I took your privatekey, which is indeed PKCS#1, generated a (fake) cert, put them in a PKCS12, which Windows [7] imported okay and IE(9) was then able to use to authenticate to my test server (which trusts the fake cert). Where are you seeing the “Bad Data”? <snip>
